Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-2444

Disclosure Date: May 14, 2007 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

canonical,
debian,
samba

Products

debian linux 4.0,
debian linux 5.0,
samba 3.0.23d,
samba 3.0.24,
samba 3.0.25,
ubuntu linux 6.06,
ubuntu linux 6.10,
ubuntu linux 7.04

References

Canonical

CVE-2007-2444 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444)

BID-23974 (http://www.securityfocus.com/bid/23974)

Advisory

GLSA-200705-15 (http://security.gentoo.org/glsa/glsa-200705-15.xml)

SECUNIA-25289 (http://secunia.com/advisories/25289)

ADV-2007-1805 (http://www.vupen.com/english/advisories/2007/1805)

SECUNIA-25772 (http://secunia.com/advisories/25772)

http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html

SECUNIA-25270 (http://secunia.com/advisories/25270)

20070515 FLEA-2007-0017-1: samba (http://www.securityfocus.com/archive/1/468670/100/0/threaded)

ADV-2007-2281 (http://www.vupen.com/english/advisories/2007/2281)

ADV-2007-2210 (http://www.vupen.com/english/advisories/2007/2210)

HPSBTU02218 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980)

SECTRACK-1018049 (http://www.securitytracker.com/id?1018049)

USN-460-1 (http://www.ubuntu.com/usn/usn-460-1)

SREASON-2701 (http://securityreason.com/securityalert/2701)

SECUNIA-25241 (http://secunia.com/advisories/25241)

http://www.mandriva.com/security/advisories?name=MDKSA-2007:104

SECUNIA-25256 (http://secunia.com/advisories/25256)

https://issues.rpath.com/browse/RPL-1366

SECUNIA-25259 (http://secunia.com/advisories/25259)

SUNALERT-102964 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1)

DSA-1291 (http://www.debian.org/security/2007/dsa-1291)

20070513 [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation (http://www.securityfocus.com/archive/1/468548/100/0/threaded)

SECUNIA-25232 (http://secunia.com/advisories/25232)

SECUNIA-25251 (http://secunia.com/advisories/25251)

SUNALERT-200588 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1)

USN-460-2 (http://www.ubuntu.com/usn/usn-460-2)

SECUNIA-25246 (http://secunia.com/advisories/25246)

OSVDB-34698 (http://osvdb.org/34698)

SECUNIA-25255 (http://secunia.com/advisories/25255)

http://www.samba.org/samba/security/CVE-2007-2444.html

SECUNIA-25675 (http://secunia.com/advisories/25675)

Miscellaneous

OpenPKG-SA-2007.012 (http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html)

2007-0017 (http://www.trustix.org/errata/2007/0017)

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906

http://www.trustix.org/errata/2007/0017/

Rapid7

Technical Analysis